Lab 2 One of the most well-known packet sniffers is called Wireshark (formerly named Ethereal). It is a powerful tool that can capture, filter, and analyze network traffic. It can promiscuously capture traffic on both wired and wireless networks. It is used by security and networking professionals to troubleshoot networking problems. In this project you will install Wireshark, capture packets, use a capture filter, and look at the contents of a packet. When placed correctly, a network administrator can use Wireshark to see all the traffic coming into and out of a network. Network administrators can, among other things, see which hostnames are being requested and who is requesting them. Surfing the Web is not anonymous. 1. Download Wireshark from http://www.wireshark.org/download.html. 2. Click Download Windows Installer. 3. Click Save. 4. If the program doesn't automatically open, browse to your download directory. 5. Double-click the installer labeled wireshark-2.2.1.exe. The version number might be different if a later release is available. 6. Click Next, I Agree, and Next. 7. Select Desktop Icon. 8. Click Next, Next, and Install. 9. Click Next to install WinPCap. 10. Click Next, I Agree, and Finish. 11. Click Next and Finish. 12. Double-click the Wireshark icon on your desktop. 13. Click Capture and Options. 14. Take a screenshot. 15. Select your Network Interface Card (NIC) in the Interface drop-down menu at the top of the screen. 16. Close ALL other programs you currently have open except your word processing program (e.g. Microsoft Word, OpenOffice Writer, etc.). 17. Click Start. 18. Let it run for 30 seconds. 19. While you are waiting open a web browser and go to www.google.com. 20. Click Capture and Stop. 21. Scroll up until you see a green and blue area. (These are the packets you captured when you requested Google's main page.) 22. Take a screenshot. 23. Scroll down until you see a line that has GET/ HTTP/1.1. (You may have to try more than one until you get to the packet that shows "www.google.com" in the bottom pane.) 24. Select that row. 25. In the bottom pane you will see numbers and letters to the left. (Those are the packets contents in hexadecimal.) Just to the right you will see the content of the packet in a column. 26. Select the text: www.google.com. 27. Take a screenshot. You just picked packets off your network and looked at their contents. There may have been traffic that you couldn't understand. Most people are surprised at the number of packets that are needed to get a single webpage to load. Wireshark has additional online documentation at www.Wireshark.org that will help you understand the other packets you captured. Now you are going to filter out all the "extra" packets you captured and just look at Web traffic running over port 80. 28. With Wireshark open click Capture and Options. 29. If you haven't already done so, select your Network Interface Card (NIC) in the Interface drop-down menu at the top of the screen. 30. Type tcp port 80 in the box next to Capture Filter. 31. Close ALL other programs you currently have open except your word processing program (Microsoft Word, OpenOffice Writer, etc.). 32. Click Start. 33. Open a web browser and go to www.google.com. 34. Click Capture and Stop. 35. Scroll down until you see a line that has GET/ HTTP/1.1. (You may have to try more than one until you get to the www.google.com packet.) 36. Select that row. 37. In the bottom pane you will see a bunch of numbers to the left. (It's the contents of the packet in hexadecimal.) Just to the right you will see the content of the packet in a column. 38. Select the text www.google.com. 39. Take a screenshot. 40. Answer the following questions very briefly. (No more than 2 lines per answer) a. Why does your computer send so many packets? Why not send just one BIG packet? b. What do SYN, ACK, FIN, GET mean? c. Why do some packets have sequence numbers? d. Why does your computer send packets to the webserver that you requested data from? e. What do the different colors in the Wireshark packet capture listing mean? f. Why would your computer get packets that are addressed to another machine? 41. Submit The MS Word Document on Blackboard. Screenshots, IP addresses and answers for individual students should vary